sshkrb5

package module
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 18, 2021 License: BSD-3-Clause Imports: 15 Imported by: 1

README

GitHub release Build Status Coverage Status Go Report Card GoDoc Go version Go version

GSSAPI middleware for crypto/ssh

The github.com/bodgit/sshkrb5 package implements the GSSAPIClient & GSSAPIServer interfaces in golang.org/x/crypto/ssh.

package main

import (
	"net"
	"os"
	"os/user"

	"github.com/bodgit/sshkrb5"
	"golang.org/x/crypto/ssh"
)

func main() {
	hostname := os.Args[1]

	u, err := user.Current()
	if err != nil {
		panic(err)
	}

	gssapi, err := sshkrb5.NewClient()
	if err != nil {
		panic(err)
	}
	defer gssapi.Close()

	config := &ssh.ClientConfig{
		User: u.Username,
		Auth: []ssh.AuthMethod{
			ssh.GSSAPIWithMICAuthMethod(gssapi, hostname),
		},
		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
	}

	client, err := ssh.Dial("tcp", net.JoinHostPort(hostname, "22"), config)
	if err != nil {
		panic(err)
	}
	defer client.Close()

	session, err := client.NewSession()
	if err != nil {
		panic(err)
	}
	defer session.Close()

	b, err := session.Output("whoami")
	if err != nil {
		panic(err)
	}
	os.Stdout.Write(b)
}

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client implements the ssh.GSSAPIClient interface.

func NewClient

func NewClient() (*Client, error)

NewClient returns a new Client using the current user.

func NewClientWithCredentials

func NewClientWithCredentials(domain, username, password string) (*Client, error)

NewClientWithCredentials returns a new Client using the provided credentials.

func NewClientWithKeytab

func NewClientWithKeytab(domain, username, path string) (*Client, error)

NewClientWithKeytab returns a new Client using the provided keytab.

func (*Client) Close

func (c *Client) Close() error

Close deletes any active security context and unloads any underlying libraries as necessary.

func (*Client) DeleteSecContext

func (c *Client) DeleteSecContext() error

DeleteSecContext is called by the ssh.Client to tear down any active security context.

func (*Client) GetMIC

func (c *Client) GetMIC(micField []byte) ([]byte, error)

GetMIC is called by the ssh.Client to authenticate the user using the negotiated security context.

func (*Client) InitSecContext

func (c *Client) InitSecContext(target string, token []byte, isGSSDelegCreds bool) ([]byte, bool, error)

InitSecContext is called by the ssh.Client to initialise or advance the security context.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL